metasploit-framework/lib/rex/powershell/obfu.rb

# -*- coding: binary -*-

require 'rex/text'

module Rex
module Powershell
  module Obfu
    MULTI_LINE_COMMENTS_REGEX = Regexp.new(/<#(.*?)#>/m)
    SINGLE_LINE_COMMENTS_REGEX = Regexp.new(/^\s*#(?!.*region)(.*$)/i)
    WINDOWS_EOL_REGEX = Regexp.new(/[\r\n]+/)
    UNIX_EOL_REGEX = Regexp.new(/[\n]+/)
    WHITESPACE_REGEX = Regexp.new(/\s+/)
    EMPTY_LINE_REGEX = Regexp.new(/^$|^\s+$/)

    #
    # Remove comments
    #
    # @return [String] code without comments
    def strip_comments
      # Multi line
      code.gsub!(MULTI_LINE_COMMENTS_REGEX, '')
      # Single line
      code.gsub!(SINGLE_LINE_COMMENTS_REGEX, '')

      code
    end

    #
    # Remove empty lines
    #
    # @return [String] code without empty lines
    def strip_empty_lines
      # Windows EOL
      code.gsub!(WINDOWS_EOL_REGEX, "\r\n")
      # UNIX EOL
      code.gsub!(UNIX_EOL_REGEX, "\n")

      code
    end

    #
    # Remove whitespace
    # This can break some codes using inline .NET
    #
    # @return [String] code with whitespace stripped
    def strip_whitespace
      code.gsub!(WHITESPACE_REGEX, ' ')

      code
    end

    #
    # Identify variables and replace them
    #
    # @return [String] code with variable names replaced with unique values
    def sub_vars
      # Get list of variables, remove reserved
      get_var_names.each do |var, _sub|
        code.gsub!(var, "$#{@rig.init_var(var)}")
      end

      code
    end

    #
    # Identify function names and replace them
    #
    # @return [String] code with function names replaced with unique
    #   values
    def sub_funcs
      # Find out function names, make map
      get_func_names.each do |var, _sub|
        code.gsub!(var, @rig.init_var(var))
      end

      code
    end

    #
    # Perform standard substitutions
    #
    # @return [String] code with standard substitution methods applied
    def standard_subs(subs = %w(strip_comments strip_whitespace sub_funcs sub_vars))
      # Save us the trouble of breaking injected .NET and such
      subs.delete('strip_whitespace') unless get_string_literals.empty?
      # Run selected modifiers
      subs.each do |modifier|
        send(modifier)
      end
      code.gsub!(EMPTY_LINE_REGEX, '')

      code
    end
  end # Obfu
end
end
Split Rex::Exploitation::Powershell::* into individual files 2014-04-26 11:59:43 +00:00			`# -- coding: binary --`

			`require 'rex/text'`

			`module Rex`
			`module Powershell`
			`module Obfu`
Address @jhart-r7's comments 2014-07-20 20:00:34 +00:00			`MULTI_LINE_COMMENTS_REGEX = Regexp.new(/<#(.*?)#>/m)`
			`SINGLE_LINE_COMMENTS_REGEX = Regexp.new(/^\s#(?!.region)(.*$)/i)`
			`WINDOWS_EOL_REGEX = Regexp.new(/[\r\n]+/)`
			`UNIX_EOL_REGEX = Regexp.new(/[\n]+/)`
			`WHITESPACE_REGEX = Regexp.new(/\s+/)`
			`EMPTY_LINE_REGEX = Regexp.new(/^$\|^\s+$/)`
Split Rex::Exploitation::Powershell::* into individual files 2014-04-26 11:59:43 +00:00
			`#`
			`# Remove comments`
			`#`
More spec 2014-05-05 16:47:30 +00:00			`# @return [String] code without comments`
Split Rex::Exploitation::Powershell::* into individual files 2014-04-26 11:59:43 +00:00			`def strip_comments`
			`# Multi line`
Cheat/Rubycop all the things 2014-07-20 20:07:59 +00:00			`code.gsub!(MULTI_LINE_COMMENTS_REGEX, '')`
Split Rex::Exploitation::Powershell::* into individual files 2014-04-26 11:59:43 +00:00			`# Single line`
Cheat/Rubycop all the things 2014-07-20 20:07:59 +00:00			`code.gsub!(SINGLE_LINE_COMMENTS_REGEX, '')`
Finish obfu specs and use rig 2014-05-05 17:38:48 +00:00
			`code`
Split Rex::Exploitation::Powershell::* into individual files 2014-04-26 11:59:43 +00:00			`end`

			`#`
			`# Remove empty lines`
			`#`
More spec 2014-05-05 16:47:30 +00:00			`# @return [String] code without empty lines`
Split Rex::Exploitation::Powershell::* into individual files 2014-04-26 11:59:43 +00:00			`def strip_empty_lines`
			`# Windows EOL`
Cheat/Rubycop all the things 2014-07-20 20:07:59 +00:00			`code.gsub!(WINDOWS_EOL_REGEX, "\r\n")`
Split Rex::Exploitation::Powershell::* into individual files 2014-04-26 11:59:43 +00:00			`# UNIX EOL`
Cheat/Rubycop all the things 2014-07-20 20:07:59 +00:00			`code.gsub!(UNIX_EOL_REGEX, "\n")`
Finish obfu specs and use rig 2014-05-05 17:38:48 +00:00
			`code`
Split Rex::Exploitation::Powershell::* into individual files 2014-04-26 11:59:43 +00:00			`end`

			`#`
			`# Remove whitespace`
			`# This can break some codes using inline .NET`
			`#`
More spec 2014-05-05 16:47:30 +00:00			`# @return [String] code with whitespace stripped`
Split Rex::Exploitation::Powershell::* into individual files 2014-04-26 11:59:43 +00:00			`def strip_whitespace`
Cheat/Rubycop all the things 2014-07-20 20:07:59 +00:00			`code.gsub!(WHITESPACE_REGEX, ' ')`
Finish obfu specs and use rig 2014-05-05 17:38:48 +00:00
			`code`
Split Rex::Exploitation::Powershell::* into individual files 2014-04-26 11:59:43 +00:00			`end`

			`#`
			`# Identify variables and replace them`
			`#`
More spec 2014-05-05 16:47:30 +00:00			`# @return [String] code with variable names replaced with unique values`
Split Rex::Exploitation::Powershell::* into individual files 2014-04-26 11:59:43 +00:00			`def sub_vars`
			`# Get list of variables, remove reserved`
Cheat/Rubycop all the things 2014-07-20 20:07:59 +00:00			`get_var_names.each do \|var, _sub\|`
Finish obfu specs and use rig 2014-05-05 17:38:48 +00:00			`code.gsub!(var, "$#{@rig.init_var(var)}")`
Split Rex::Exploitation::Powershell::* into individual files 2014-04-26 11:59:43 +00:00			`end`
Finish obfu specs and use rig 2014-05-05 17:38:48 +00:00
			`code`
Split Rex::Exploitation::Powershell::* into individual files 2014-04-26 11:59:43 +00:00			`end`

			`#`
			`# Identify function names and replace them`
			`#`
More spec 2014-05-05 16:47:30 +00:00			`# @return [String] code with function names replaced with unique`
			`# values`
Split Rex::Exploitation::Powershell::* into individual files 2014-04-26 11:59:43 +00:00			`def sub_funcs`
			`# Find out function names, make map`
Cheat/Rubycop all the things 2014-07-20 20:07:59 +00:00			`get_func_names.each do \|var, _sub\|`
Finish obfu specs and use rig 2014-05-05 17:38:48 +00:00			`code.gsub!(var, @rig.init_var(var))`
Split Rex::Exploitation::Powershell::* into individual files 2014-04-26 11:59:43 +00:00			`end`
Finish obfu specs and use rig 2014-05-05 17:38:48 +00:00
			`code`
Split Rex::Exploitation::Powershell::* into individual files 2014-04-26 11:59:43 +00:00			`end`

			`#`
			`# Perform standard substitutions`
			`#`
More spec 2014-05-05 16:47:30 +00:00			`# @return [String] code with standard substitution methods applied`
Cheat/Rubycop all the things 2014-07-20 20:07:59 +00:00			`def standard_subs(subs = %w(strip_comments strip_whitespace sub_funcs sub_vars))`
Split Rex::Exploitation::Powershell::* into individual files 2014-04-26 11:59:43 +00:00			`# Save us the trouble of breaking injected .NET and such`
Finish obfu specs and use rig 2014-05-05 17:38:48 +00:00			`subs.delete('strip_whitespace') unless get_string_literals.empty?`
Split Rex::Exploitation::Powershell::* into individual files 2014-04-26 11:59:43 +00:00			`# Run selected modifiers`
			`subs.each do \|modifier\|`
Cheat/Rubycop all the things 2014-07-20 20:07:59 +00:00			`send(modifier)`
Split Rex::Exploitation::Powershell::* into individual files 2014-04-26 11:59:43 +00:00			`end`
Cheat/Rubycop all the things 2014-07-20 20:07:59 +00:00			`code.gsub!(EMPTY_LINE_REGEX, '')`
More spec 2014-05-05 16:47:30 +00:00
			`code`
Split Rex::Exploitation::Powershell::* into individual files 2014-04-26 11:59:43 +00:00			`end`
			`end # Obfu`
			`end`
			`end`